WO2012069446A2 - Support d'enregistrement et procédé servant à faire fonctionner un support d'enregistrement - Google Patents

Support d'enregistrement et procédé servant à faire fonctionner un support d'enregistrement Download PDF

Info

Publication number
WO2012069446A2
WO2012069446A2 PCT/EP2011/070627 EP2011070627W WO2012069446A2 WO 2012069446 A2 WO2012069446 A2 WO 2012069446A2 EP 2011070627 W EP2011070627 W EP 2011070627W WO 2012069446 A2 WO2012069446 A2 WO 2012069446A2
Authority
WO
WIPO (PCT)
Prior art keywords
data
user
storage medium
file management
authentication
Prior art date
Application number
PCT/EP2011/070627
Other languages
German (de)
English (en)
Other versions
WO2012069446A3 (fr
Inventor
Eddy Bernhard
Armin Bartsch
Original Assignee
Giesecke & Devrient Secure Flash Solutions Gmbh
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Giesecke & Devrient Secure Flash Solutions Gmbh filed Critical Giesecke & Devrient Secure Flash Solutions Gmbh
Publication of WO2012069446A2 publication Critical patent/WO2012069446A2/fr
Publication of WO2012069446A3 publication Critical patent/WO2012069446A3/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption

Definitions

  • the present invention relates to a method for storing data on a storage medium according to the preamble of claim 1, a storage medium according to the preamble of claim 23, and a terminal device with such a storage medium according to claim 27.
  • storage media are to be understood as block storage media such as hard disks, as well as very compact portable storage media, by means of which a user can store digital data and, in particular, comfortably carry them with him for portable storage media.
  • storage media find portable storage devices in terminals as any removable external storage media for storing image, sound or video data or for storage of other files use.
  • mobile devices such as digital cameras, cell phones, and MP3 players often use Secure Digital Memory Cards (SD memory cards) or microSD cards with flash memory. Flash memory is also commonly used in USB memory sticks. Flash memories are to be understood as digital memory chips which are based on the EEPROM memory technology (Electrically Erasable Program Read-Only Memory), but allow even faster write accesses. By means of this flash EEPROM technology, a fast, non-volatile electronic memory module is generated, which can be integrated into a flash memory card.
  • EEPROM Electrically Erasable Program Read-Only Memory
  • Respective flash memory cards such as SD cards and smaller micro SD cards, can be inserted into a terminal, such as a camera, so that this terminal can use the storage medium to store user data (hereinafter referred to as "payload data").
  • payload data user data
  • Management of data on a portable storage media requires management data that includes two different types of data.
  • the storage medium generates and uses “own administrative data", which are referred to below as “management data of the storage medium.” This is data that the storage medium itself (more precisely the storage controller) by means of a firmware (also referred to as operating system).
  • the terminal also generates its own management data, which are referred to below as "file management data”.
  • file management data can under
  • the user data for storage in a file system defined by a user is stored. In known storage media, and also in a preferred embodiment of the present invention, this is typically done by means of an FAT-oriented (file allocation table) file management.
  • the content of the file management data may include, for example, a "partition boot record" (first data block of a storage medium having at least one partition) and directories, and is maintained by the terminal only in the case of previously known storage media
  • the management data of the storage medium contain additional information that is required by the storage medium alone to manage the data in the storage areas and, for example, store so that they are read out again for a re-access by a terminal
  • the user data and the associated file management data are stored in such a way that other devices of a user can access this data as well
  • Most terminal device, such as a camera a portable storage medium can use to store its user data (eg photos), and on the other hand, this data not only by means of this first terminal (the camera) recall and possibly also can modify, but that him the payload also for further processing on another device, such as his PC or another terminal again available.
  • a disadvantage of such a very flexible usability of these storage media, however, is that other unauthorized persons can easily gain access to the data stored thereon. Depending on the sensitivity of such data, it may therefore be necessary to prevent unauthorized access to the data.
  • Portable storage media are described for example in German patent application DE 10 2009 032 821 A1.
  • the different access options for memory cards are explained, which meet certain interface standards, such as SD cards, MMC (Multi Media Card) cards and USB (Universal Serial Bus) storage media.
  • predefined commands can be implemented in the case of SD cards, which allows a user to do so. ben to set read-only bits to protect data at least before deletion.
  • US 2003/0084258 AI discloses a flash memory card which can be inserted into a camera and which is a write-once, non-volatile storage medium. The goal is to provide a memory that prevents the creation of copies of the user data to protect the copyright.
  • This process corresponds to a data deletion process.
  • a disadvantage of such a memory or of a corresponding method is that even for the authorized user, the data of the memory is available only once for reading out.
  • US 2010/0058073 AI also relates to the data security of portable storage media such as flash memory cards.
  • a PIN V Personal Identification Number
  • a user can use the flash memory card only after an authentication, ie after entering a PIN number and / or password.
  • the ⁇ number or password is requested. If the PIN or the corresponding password is not entered or entered incorrectly, the terminal will not be able to access the flash memory card.
  • a decryption procedure is started by means of which the data encrypted on the card, for example the user data, can be decrypted and made available to the terminal.
  • DE 10 2009 019 051 A1 describes a storage medium in which all data are stored encrypted. It is provided a decrypting readout channel and a key memory with a key, so that only after an authentication data in plain text on the decrypting readout channel can be output.
  • DE 10 2008 028 703 A1 describes a portable data carrier on which a user can store encrypted sensitive data by means of cryptographic operation directories and access this data again after an authentication. Access to a directory in a file system is associated with performing a cryptographic operation.
  • a disadvantage of the previously known portable Speichemiedien is therefore that they are either realized without security precautions, and thus each user, including unauthorized third parties, access to the data is possible.
  • the security precaution is designed so that an authorized user must in each case enter a ⁇ number or a password or make a different authentication to the portable storage medium to use. Therefore, thus secured storage media can be used only in terminals that allow the entry of a PIN number or a password.
  • this is not possible in many end devices, such as digital cameras or MP3 players or even many USB memory sticks, and would also be impractical for the use of such a terminal.
  • the storage medium should be designed so that the reading of the user data is possible only during an existing authentication of a user, so for example after entering a PIN number or password. It is a further object of the present invention to provide a corresponding method for storing data on such a storage medium, by means of which these security features are fulfilled.
  • a memory controller all or at least certain (in particular the protected) user data only in an authentication of a user and all or at least certain (especially those that a terminal for Storage of user data required) File management data also without an authentication of a user for read access releases.
  • a user can be a person or another device.
  • a storage medium according to claim 23, wherein according to the invention the memory controller is designed such that it releases at least certain user data only during an authentication of a user and file management data even without an authentication of a user for read access during a read access.
  • a terminal according to claim 27, wherein the terminal comprises a storage medium according to the present invention and the terminal is adapted to generate and store user data and file management data on the storage medium and further to read file management data from the storage medium.
  • the inventive method is used for storing data, in particular on a portable storage medium, wherein the storage medium has a memory controller and at least one memory area.
  • memory cards may be used as storage media, wherein the storage area may preferably be designed as a flash memory or EEPROM.
  • storage media conforming to the SD, MicroSD or MMC memory card standard and USB memory sticks may be used.
  • the memory controller controls the read and memory access to the memory area, wherein the memory controller can also be a system of a plurality of coupled memory controllers. In particular, the memory controller manages the memory area.
  • data may be stored, which data may be user data (recorded photos, text, music, video titles and other files) generated by a user when using the storage medium in a terminal and / or by this terminal on the portable Storage medium can be stored in order to read or copy them later.
  • the stored data also administrative data of the storage medium, which does not require a terminal, but which serve the memory controller to store the user data so that they can be read out for a new access by a terminal again .
  • file management data can be saved. The method further ensures read access to data stored on the storage medium.
  • User data and file management data are generated by a terminal and provided in the course of the method for storage on a storage medium connected to the terminal.
  • the memory controller checks whether the data to be stored on the storage medium is user data or file management data or what proportion of the data is payload data and which share is file management data. From the food chercontroUer, the user data and the file management data are written to the storage area of the storage medium and thus stored. Preferably, the above check is carried out at the earliest when the terminal sends the data to the storage medium (for example, just before the memory controller actually writes the data into the memory) and at the latest when the terminal attempts to read this data (for example, shortly after the memory controller retrieves the data from the memory) Memory actually reads).
  • the data to be stored are stored on the storage medium in such a way that the memory controller can again distinguish whether it is user data or file management data in the case of a later read access to the data.
  • user data in the sense of data that a user should be able to access, or file management data for managing the storage area can already be stored.
  • the memory controller at least certain user data (alternatively, all user data) only in an authentication of a user, so for example after entering a PIN number or a password for a read access free.
  • the memory controller in particular file management data without a prior authentication of a user for a read access.
  • This solution according to the invention offers the advantage that a terminal device no longer necessarily has to offer the user the opportunity to authenticate himself.
  • terminals can be used which do not offer the input of a PIN or a password. It must also be deposited on the terminal and no software that checks a user authentication.
  • Each compatible device has all the file management data of the storage medium - which the terminal always needs to store user data - available as soon as it is connected to it. Therefore, with the method according to the invention, each terminal, which fundamentally offers the standard that the portable storage medium has, for example, offers to use the storage medium for storing user data, since no authentication is necessary for storing the user data alone.
  • a user of a digital terminal such as a user, authorizes at least certain user data for authentication of a user, file management data but also without authentication of a user for read access Photo camera without the execution of an authentication data (such as user data in the form of recorded photos) can save on the Speichermediuni so that they are protected from access by an unauthorized third party. Read access to such protected user data is only possible with an authentication of a user.
  • any digital end which in principle can use the storage medium, i. which fulfills the same interface specification as, for example, the portable storage medium, accessing the file management data without authentication of a user, which makes it possible for other user data to be stored on the storage medium without prior authentication.
  • the aforementioned advantages also relate to a terminal with a storage medium according to the present invention.
  • conventional borrowed terminals can use a portable storage medium according to the invention without a change with regard to their hardware or software.
  • they can do without one Authentication File management data (which may include, for example, a file system, eg FAT, with different file names) in the memory area, or read such data from this.
  • Authentication File management data which may include, for example, a file system, eg FAT, with different file names
  • the terminal can organize or manage the user data without an authentication and store it in a format compatible with other terminals. Consequently, according to the present invention, on the one hand, unauthorized access is prevented, at least for certain user data, and, on the other hand, the access to the file management data, which a terminal requires in operation, is released.
  • the memory controller can already check, before the data is stored, whether data which is to be stored on the storage medium is user data or file management data. Alternatively, he can perform this check only before reading the data.
  • the memory controller can use already stored user and / or file management data and / or own administration data to check whether certain data are user data or file management data.
  • At least certain user data are stored in encrypted form on the storage medium by the memory controller, and advantageously the memory controller releases the encrypted user data during a read access only if the user already has an existing authentication by decrypting it. Conversely, without such authentication no decryption of the relevant data is performed and thus they are blocked from unauthorized read access.
  • the memory controller further encrypts the file management data and also stores these encrypted data on the storage medium.
  • the memory controller decrypts and outputs such encrypted stored file management data in the event of a read access even without an authentication of a user. This ensures that even a terminal, which does not provide, for example, an authentication of a user, can access the file management data, which makes it possible for such a terminal to store user data or other user data on the storage device. storage medium, for which the "knowledge" of the previously created file management data is necessary.
  • the method is preferably designed so that the memory controller after completion of authentication access to the stored user data again locks, so for example in a further read access none Decrypt the encrypted user data without further authentication.
  • the inventive method is further configured such that the memory controller prevents a conversion of user data to file management data (and vice versa) (ie, for example, a re-declaration of protected user data in an unprotected directory), whereby It is ensured that user data that is not actually to be protected is converted into quasi-unprotected file management data that is released for access without prior authentication.
  • different authentication levels can be provided in the course of the method, the user data being divided into different classes and determining which classes a user with a particular authentication level can access. Thus, it can be ensured that certain, particularly sensitive data, can only be read by certain users by means of a correspondingly provided authentication level.
  • a further terminal which can be associated with the storage medium in connection and which can enable a user authentication, this further terminal the user authentication and thus access to all stored on the storage medium User data and file management data.
  • a user of the storage medium can thus use, for example, a first terminal, such as a camera which does not allow authentication, and which nevertheless allows the storage of user data, and a second terminal, which is preferably a PC, by means of which the user authenticates can perform. This means that, for example, after the removal of the storage medium from the first terminal or also parallel to the first terminal (eg via a USB interface), the user stores the storage medium. dium with the second device or the PC can connect to access its user data.
  • the file management data comprises a folder structure for storing the user data.
  • the memory controller can store user data in an existing folder structure and he can preferably also complete or change the folder structure, for example, if a user wants to create additional folders or subfolders or rename existing folders.
  • File management data in the form of a table for example, a "File Allocation Table", FAT
  • FAT File Allocation Table
  • the management data of the storage medium can be stored in another separate storage area.
  • a storage medium according to the present invention is preferably a portable storage medium such as a memory card, in particular a flash memory card or a USB stick.
  • the storage medium is preferably further designed so that it can be associated with a first terminal, which for example does not allow authentication by a user and can be brought to read or further processing of stored user data with a second device, by means of which the user can authenticate so that the memory controller releases that user data for access.
  • the inventive method, the storage medium, as well as the terminal according to the invention is designed so that a deletion or overwriting at least certain user data is only possible in an authentication of a user, i. the memory controller releases a write or erase access to this user data only during an authentication.
  • the inventive method, the storage medium, as well as the terminal according to the invention is designed so that a deletion or overwriting of certain user data is not allowed.
  • the inventive storage medium, as well as the terminal according to the invention is designed so that a deletion or overwriting of certain administrative data is not allowed or only after an authentication of a user.
  • FIG. 1 shows the sequence of a method according to the invention beginning with a read access to stored data.
  • Figure 1 shows schematically the flow of a read access to data which are stored by the inventive method on a storage medium according to the invention.
  • data is already stored on the storage medium in such a way that the memory controller can distinguish between the readings and the file management data during read access to the data.
  • file management data is typically stored using a standard, standardized file system, the FAT (File Allocation Table) system with its variants. It is especially used on SD memory cards and is interoperable with most operating systems on PCs and mobile devices. Therefore, in this example, a FAT file system is assumed.
  • a FAT-formatted disk contains a partition table with the frame information (size, address space, etc.) for each partition set up on the disk.
  • the partition at a standardized block address of the partition, there is the boot record, from the contents of which the block addresses of the file allocation table (FAT) and of the root directory can be determined in a standardized manner.
  • FAT file allocation table
  • the memory controller can both read and modify the read and written data and associated block addresses. Furthermore the memory controller is a separate "protected" memory area available in which he can store data permanently, but is not addressable from the outside.
  • the file management data (or at least part of it) must remain freely accessible on the data carrier and only the user data (or at least part of it) may be protected against unauthorized access .
  • the file management data is stored in the boot record, in the FAT, as well as in the data blocks in which the directories containing the names of the files and subdirectories are stored.
  • the user data lies in the data files.
  • the FAT stores which data blocks are free, which data blocks are already occupied by data (user data or file management data such as directory data), and how the data blocks belonging to a file or directory are linked together.
  • the memory controller On the basis of this structure of the FAT file system, it is possible for the memory controller to differentiate between user data and file management data, and thus to ensure with an appropriate security policy which file management data remain freely accessible and which user data are protected against unauthorized access.
  • a security policy could be: all file management data is freely accessible, all user data requires authentication.
  • all data to be written (user data and file management data) are stored in encrypted form in the flash memory by the memory controller.
  • the memory controller maintains an internal access table (part of the "own management data"), which shows for each data block whether it belongs to a data file (user data) or to the file management data.
  • the terminal also called host device
  • the encrypted content of the data block is automatically decrypted by the flash controller and returned to the host device.
  • the host device wants to read out a data block which belongs to the payload, the block is decrypted only if the corresponding user authentication (eg cryptographic or by means of PIN) was successfully carried out with respect to the memory controller. If the user is not authenticated, the implementation may provide that the host device gets back the encrypted data or that only dummy data (eg 0) is returned.
  • the corresponding user authentication eg cryptographic or by means of PIN
  • the maintenance of the internal access table by the flash controller can be implemented as follows:
  • a newly written data block is given a "payload" entry by default, unless the memory controller can already judge at the time of writing that the block contains management data.
  • File System is described and then described, the entry in the internal access table is set to "Administration", so that this block can be freely read by the host device in the future. If the memory controller determines that the block is a data file (user data) is assigned, he sets the corresponding entry of the access table to "payload" and subjects him to the described access control via the user authentication
  • the memory controller of the storage medium receives the read access 12 and by means of the memory controller an analysis 14 of the requested data type is made. It is therefore first checked whether it is file management data or payload. Since the host device is to be able to access file management data without prior authentication of a user, in the case of the presence of file management data, decryption 16 is automatically performed, and then an output 18 of that file management data to the host device takes place without hindering the file Administrative data can access.
  • the host device If, during the analysis 14 of the data type, it is determined that the data to which the host device wants to access is user data, it is further checked whether an authentication 20 of the user is present. If this check reveals that an authentication 20 has actually taken place, an encryption 22 is also carried out here so that decrypted user data for issuing 24 is now also sent to the host device. In the case where previous authentication did not take place, in the case of the illustrated implementation, see that the host device receives only dummy data (eg zeroes). Alternatively it can also be provided that the host device gets back no or only the encrypted user data.
  • dummy data eg zeroes

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

L'invention concerne un procédé servant à enregistrer des données sur un support d'enregistrement qui comporte un contrôleur d'enregistrement et au moins une zone d'enregistrement, et servant à accéder en lecture à des données qui sont enregistrées sur le support d'enregistrement. Des données d'utilisation et des données de gestion de fichiers sont générées par un terminal et sont destinées à l'enregistrement sur le support de stockage relié au terminal, et le contrôleur d'enregistrement enregistre les données d'utilisation et les données de gestion de fichiers, les données à enregistrer étant enregistrées sur le support d'enregistrement de telle sorte que le contrôleur d'enregistrement peut, lors d'un accès en lecture aux données, distinguer s'il s'agit de données d'utilisation ou de données de gestion de fichiers. Selon l'invention, le contrôleur d'enregistrement valide la totalité ou au moins certaines des données d'utilisation uniquement en cas d'authentification d'un utilisateur et valide la totalité ou au moins certaines des données de gestion de fichiers même sans authentification d'un utilisateur pour l'accès en lecture. L'invention concerne en outre un support d'enregistrement correspondant ainsi qu'un terminal pourvu d'un tel support d'enregistrement.
PCT/EP2011/070627 2010-11-24 2011-11-22 Support d'enregistrement et procédé servant à faire fonctionner un support d'enregistrement WO2012069446A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE201010052224 DE102010052224A1 (de) 2010-11-24 2010-11-24 Speichermedium und Verfahren zum Betreiben eines Speichermediums
DE102010052224.4 2010-11-24

Publications (2)

Publication Number Publication Date
WO2012069446A2 true WO2012069446A2 (fr) 2012-05-31
WO2012069446A3 WO2012069446A3 (fr) 2012-10-26

Family

ID=45463537

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2011/070627 WO2012069446A2 (fr) 2010-11-24 2011-11-22 Support d'enregistrement et procédé servant à faire fonctionner un support d'enregistrement

Country Status (2)

Country Link
DE (1) DE102010052224A1 (fr)
WO (1) WO2012069446A2 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102012015348A1 (de) 2012-08-06 2014-02-06 Giesecke & Devrient Gmbh Verfahren zum Schreiben und Lesen von Daten auf einem blockorientierten Speichermedium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030084258A1 (en) 2000-10-06 2003-05-01 Jun Tashiro Memory apparatus
US20100058073A1 (en) 2008-08-29 2010-03-04 Phison Electronics Corp. Storage system, controller, and data protection method thereof
DE102008028703A1 (de) 2008-10-09 2010-04-15 Giesecke & Devrient Gmbh Ausführen kryptographischer Operationen
DE102009032821A1 (de) 2008-10-28 2010-04-29 Giesecke & Devrient Gmbh Speichermedium mit unterschiedlichen Zugriffsmöglichkeiten
DE102009019051A1 (de) 2009-04-28 2010-11-11 Giesecke & Devrient Gmbh Speichermedium mit Verschlüsselungseinrichtung

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH113284A (ja) * 1997-06-10 1999-01-06 Mitsubishi Electric Corp 情報記憶媒体およびそのセキュリティ方法
US20070168292A1 (en) * 2004-12-21 2007-07-19 Fabrice Jogand-Coulomb Memory system with versatile content control

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030084258A1 (en) 2000-10-06 2003-05-01 Jun Tashiro Memory apparatus
US20100058073A1 (en) 2008-08-29 2010-03-04 Phison Electronics Corp. Storage system, controller, and data protection method thereof
DE102008028703A1 (de) 2008-10-09 2010-04-15 Giesecke & Devrient Gmbh Ausführen kryptographischer Operationen
DE102009032821A1 (de) 2008-10-28 2010-04-29 Giesecke & Devrient Gmbh Speichermedium mit unterschiedlichen Zugriffsmöglichkeiten
DE102009019051A1 (de) 2009-04-28 2010-11-11 Giesecke & Devrient Gmbh Speichermedium mit Verschlüsselungseinrichtung

Also Published As

Publication number Publication date
WO2012069446A3 (fr) 2012-10-26
DE102010052224A1 (de) 2012-05-24

Similar Documents

Publication Publication Date Title
DE60017613T2 (de) Speicher und Datenverarbeitungseinheiten und Datenverarbeitungsverfahren
WO2003007132A1 (fr) Dispositif de memoire assurant la protection de donnees dans un processeur
DE19803218A1 (de) Informationsspeichermedium und zugehöriges Schutzverfahren
DE102004056651A1 (de) Verfahren und Einrichtung zur Datenarchivierung in einem Datenspeichersystem
EP2502176B1 (fr) Procédé et dispositif pour avoir accès à des données de commande selon d'une information des droits
DE20314722U1 (de) Vorrichtung für sicheren Zugriff auf Digitalmedien-Inhalte, virtueller Multischnittstellen-Treiber und System für sicheren Zugriff auf Digitalmedien-Inhalte
DE102017104080A1 (de) Generalisiertes verifizierungsschema für sichere metadaten-modifizierung
DE60319005T2 (de) Eintrittspunkt für daten der digitalen rechteverwaltung
WO2007118517A1 (fr) Procédé de sauvegarde limitée dans le temps des données sur des supports de données
EP1762956A2 (fr) Ordinateur avec au moins un connecteur pour un support d'information amovible et procédé de démarrer et d'utilisation d'un ordinateur avec un support d'information amovible
WO2005081089A1 (fr) Procede de protection de donnees confidentielles
EP2370903B1 (fr) Accès mémoire sur un support de données portable
WO2012069446A2 (fr) Support d'enregistrement et procédé servant à faire fonctionner un support d'enregistrement
EP1844467A1 (fr) Support de donnees portable a fonctionnalite de filigranage
DE112009004950T5 (de) Verfahren, System und Vorrichtung zum Sichern einer digitalen Speichervorrichtung
DE102004019681A1 (de) Verfahren zum Schreiben von Daten und Datenverarbeitungsgerät
EP1739589A2 (fr) Carte additionelle pour un ordinateur et procédé de démarrage sécurisé d'un ordinateur.
DE102009018222A1 (de) Schreibzugriff auf einen portablen Datenträger
DE102021131424A1 (de) Verfahren und systeme zur sitzungsbasierten und gesicherten zugriffsteuerung auf ein datenspeichersystem
DE102012006457A1 (de) Verfahren zum Verschlüsseln von Daten auf einem Speichermedium
DE102020207034A1 (de) Geteiltes widerrufsprotokoll für datenzugriffskontrolle
WO2010040423A1 (fr) Exécution d'opérations cryptographiques
WO2012172041A1 (fr) Support d'enregistrement avec protection d'accès et procédé permettant de faire fonctionner un tel support d'enregistrement
DE102012111181A1 (de) Speichersystem, insbesondere Cloud Storage System, und Computerprogrammprodukt
CN107657182B (zh) 一种增强媒体数据权限控制可靠性的方法

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11805430

Country of ref document: EP

Kind code of ref document: A2

122 Ep: pct app. not ent. europ. phase

Ref document number: 11805430

Country of ref document: EP

Kind code of ref document: A2